To: Jian J Wang, edk2-devel@lists.01.org
Cc: Jiewen Yao, Eric Dong, Star Zeng
References: <20180315062202.7456-1-jian.j.wang@intel.com>
From: "Ni, Ruiyu"
Date: Thu, 15 Mar 2018 14:55:55 +0800
In-Reply-To: <20180315062202.7456-1-jian.j.wang@intel.com>
Subject: Re: [PATCH] MdeModulePkg/PiSmmCore: fix #PF caused by freeing read-only memory

On 3/15/2018 2:22 PM, Jian J Wang wrote:
> SMM core will add a HEADER before each allocated pool memory and clean
> up this header once it's freed. If a block of allocated pool is marked
> as read-only after allocation (EfiRuntimeServicesCode type of pool in
> SMM will always be marked as read-only), #PF exception will be triggered
> during memory pool freeing.
>
> Normally EfiRuntimeServicesCode type of pool should not be freed in the
> real world. But some test suites will actually do memory free for all
> types of memory for the purpose of functionality and conformance test.
> So this issue should be fixed anyway.

Does DxeCore have such a problem?

>
> Cc: Star Zeng
> Cc: Eric Dong
> Cc: Jiewen Yao
> Cc: Ruiyu Ni
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang
> ---
> MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index f9657f9baa..d5556eb79c 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -941,6 +941,7 @@ AdjustMemoryF ( > EFI_PHYSICAL_ADDRESS MemoryToTest; > UINTN PagesToFree; > UINT64 GuardBitmap; > + UINT64 Attributes; > > if (Memory == NULL || NumberOfPages == NULL || *NumberOfPages == 0) { > return; > @@ -949,6 +950,27 @@ AdjustMemoryF ( > Start = *Memory; > PagesToFree = *NumberOfPages; > > + // > + // In case the memory to free is marked as read-only (e.g. EfiRuntimeServicesCode). > + // > + if (mSmmMemoryAttribute != NULL) { > + Attributes = 0; > + mSmmMemoryAttribute->GetMemoryAttributes ( > + mSmmMemoryAttribute, > + Start, > + EFI_PAGES_TO_SIZE (PagesToFree), > + &Attributes > + ); > + if ((Attributes & EFI_MEMORY_RO) != 0) { > + mSmmMemoryAttribute->ClearMemoryAttributes ( > + mSmmMemoryAttribute, > + Start, > + EFI_PAGES_TO_SIZE (PagesToFree), > + EFI_MEMORY_RO > + ); > + } > + } > + > // > // Head Guard must be one page before, if any. > // > -- Thanks, Ray
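Review bot: The return status of GetMemoryAttributes in the second hunk of AdjustMemoryF is discarded. Attributes is pre-set to 0, so if that call fails for any reason Attributes stays 0, the EFI_MEMORY_RO test is skipped, and the #PF on the pool-header write that this patch is meant to fix still happens, now without any diagnostic. Capture the result in an EFI_STATUS local and at least ASSERT_EFI_ERROR (Status) (or DEBUG it and return) before testing Attributes, and do the same for ClearMemoryAttributes so a failed clear is not silent either. The new comment only says what is done; a short note on why (the pool header in front of the block is written when it is freed, and the whole range is made writable for that) would help readers of HeapGuard.c later.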